chaospatterns
@chaospatterns@lemmy.world
- Comment on 👁️🐽👁️ 22 hours ago:
That’s also why certain contact lenses can’t be worn overnight or for long periods of time because they aren’t as breathable. At least that’s what my eye doctor said when I got them.
- Comment on Help setting up a selfhosted VPN at home 1 week ago:
I use a variant of this: github.com/linuxserver/docker-wireguard
You don’t need two different containers for this. They’re going to either fight each other for control over the networking tables or run wireguard in wireguard
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 1 week ago:
So I had a chance to try this out. It wasn’t on Google Play Store, only F-Droid. There isn’t really SSO support, you either login with User/Password or a token. Instead, I login with my browser, get the token and paste it in. That works fine, but an ideal world is just pop up an browser WebView and go through the flow, then grab the token. Maybe it was intentional, but PaperlessShare registered as an Open handler for PDFs and the share menu, whereas this is only share menu.
Overall, it does the job and gets my docs uploaded.
- Comment on Study: Social media probably can’t be fixed 1 week ago:
My prediction is that manually reviewing user creation won’t scale to a high level and unless systems develop spam detection and reputation management similar to email then it’s not going to be limited to just one or two bad instances.
Its trivial to create my own instance with a new domain and there’s no limitations against sending ActivityPub messages to a server. Unfortunately the simplest fix is for big instances to restrict what instances can communicate to it, but that causes centralization.
Plus, we don’t need to be huge. There’s no benefit from it.
The benefit is breadth and depth of communities. Reddit is great because if you are interested, there’s a bunch of people talking about it.
- Comment on Systemd Service Hardening 1 week ago:
How hard would it be to contribute these improvements back to the project in the form of either distro package updates or documentation changes? Did you consider that?
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 2 weeks ago:
Can you expand on the OIDC/OpenID support? Does it support SSO based authentication to Paperless?
- Comment on Leaving GitHub. Music server alternatives? 2 weeks ago:
I respect your strong ethics and sticking to them, but saying they people support genocide for using software hosted on GitHub is an extreme position.
Do you drive a car or fly a plane? Then you must have no red lines against climate change.
- Comment on Self-hosted blog - do I need a static IP address? 2 weeks ago:
- Comment on Itch.io has begun restoring NSFW content, but only if it’s free 3 weeks ago:
The problem is the payment processor. There’s only so many of them that customers actually choose to use.
- Comment on Mastercard release a statement about game stores, payment processors and adult content 3 weeks ago:
buy a stock through a company like Fidelity where is the stock actually held and that was layers of public/private companies/corporations
- Comment on OpenAI’s Sam Altman warns of AI voice fraud crisis in banking 4 weeks ago:
How about some Yubikeys or smart cards instead of something that requires me to scan my retina and share it with Sam Altman
- Comment on I'm setting up a Windows 11 laptop for my uncle. Is there a sneaky way to make it block right-wing bullshit websites? 5 weeks ago:
If you alter it to 0.0.0.0 then it shouldn’t pop an SSL error, it would be a connection failed error.
- Comment on Just created my own zero trust network! 5 weeks ago:
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.
- Comment on Photo management - storing friends' photos 1 month ago:
Encryption at rest just means the data itself is encrypted when stored on disk and the key is somewhere. It doesn’t dictate that the key is not visible to the server.
Encryption in transit refers to an encrypted channel from client to server.
E2E encryption usually refers to encryption from one entity to another where any intermediary servers do not have the ability to decrypt
Source: too many years doing application security at my job
- Comment on Homemade polarimetric synthetic aperture radar drone 1 month ago:
After I read this, I thought it would be really cool to try to make this myself. But then I realized I’m barely able to get a simple circuit working much less one that involves complex RF signalling.
- Submitted 1 month ago to electronics@discuss.tchncs.de | 2 comments
- Comment on Automatic Transfer Switch PDU in The Homelab - Does it make sense? 1 month ago:
The point seems to be able to handle a UPS failure
- Comment on Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi 1 month ago:
WiFi is on all three bands. It’s not so much what’s newer vs older. Newer devices tend to support 2.4, 5, and 6 and switch between them based on quality of signal and support by the WiFi network. Higher frequencies like 5 and 6GHz are generally better because there’s less interference.
Cheaper devices tend to only support 2.4GHz
- Comment on Meta is Adding AI-Powered Summaries to WhatsApp 1 month ago:
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
- Submitted 2 months ago to technology@lemmy.world | 0 comments
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 2 months ago:
Google is doing this because they have incentives to do so. They want to block malicious actors like attack their platforms.
Other companies want to lock down their own apps because they don’t think users should be permitted to do anything other than use their apps exactly as they want.
I don’t like it as a user, but I also see the reason why companies want this by being on the security side of software.
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 2 months ago:
This is the future of the Big Tech Internet if we’re not careful. Attestation to be able to use communications and other websites.
- Comment on 2 months ago:
I used to work in Amazon (left after 10 years because it wore me down), but it wasn’t that compartmentalized.
I’m sure there were some teams that were like that but I could easily find another team, open a ticket, get a response and see their on calls investigate the issue. It was often times possible to look at their service metrics and source code to see if I could find the problem myself.
Support just can’t share that info because they don’t know what is considered a trade secret or internal detail vs what is public.
- Comment on Why Balcony Solar Panels Haven’t Taken Off in the US 2 months ago:
No, it’s electrical code. Standard outlets can’t be used to supply power because it means you have a plug that has exposed wires commonly called suicide wires. While these balconey top solar likely use grid following so it has to detect a grid voltage, the electrical code doesn’t consider it AFAIK.
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 3 months ago:
Different Operating Systems call it different things. Windows calls it Alternate. Even if it was only used when the primary was down, DNS doesn’t provide any sort of guidance or standard on when to switch between primary and secondary. Is one query timeout enough to switch? How often do you reattempt to the first DNS server? When do you switch back?
- Comment on The Beauty Of Having A Pi-hole · Den Delimarsky 3 months ago:
And what do you set that secondary DNS entry to? Operating systems may use both, so you need the secondary to point to a pi hole or else you’re letting ads through randomly.
- Comment on That's all folks, Plex is starting to charge for sharing 3 months ago:
Its not difficult for technical people like you or me, but my friend who just wants to watch their favorite show on my Plex on their TV won’t know how to traffic engineer the traffic over a Tailscale network to my network.
- Comment on That's all folks, Plex is starting to charge for sharing 3 months ago:
With Plex, you’re getting the easy ability to grant access to users. You get a single pane that can search across multiple Plex instances, and NAT traversal/port forwarding. Jellyfin makes you figure that out yourself.
- Comment on Hundreds of smartphone apps are monitoring users through their microphones 3 months ago:
Past vulnerabilities doesn’t mean there is active mpdern vulnerabilities especially ones in widely tested operating systems that’s exploited by as many apps as people claim are listening when security researchers also regularly reverse engineer and analyze the source code of popular apps to figure out what they’re doing.
Its one thing to claim there’s some a system level bypass for the icon that the NSA uses to spy on its enemies, it’s another thing to claim that it’s being exploited on a wide scale by a tech company.
- Comment on Blue Shield of California shared the private health data of millions with Google for years 3 months ago:
Here’s a good reason why you should run an ad blocker. Block the Google Analytics script from loading entirely.